Re: Discoverer 3.0 - Security...

>Problem.
>Is there any way that I can implement user-based security within
>discoverer? We have the following scenario,
>
>User A and user B both had access to a Business area of 'Personnel
>Information' and access to the folder 'Employee addresses' which is a
>view off all employee addresses on the system.
>
>What we require in the 'real world' is that when user 'A' retrieves
>employee addresses, the query only ONLY brings back the employees
>relative to his department, not the whole organization
>
>

Create a view of the addresses with a user-dependent WHERE clause and query against it.

Depending on what other tables you have; for example, lets assume that you have a table that associates Oracle username with the department....

Select address_stuff from
addresses, user_departments where
user_departments.user= user and
user_departments.department = addresses.department

Ultimately, you will need to tie something back to the Oracle username. You can also base this kind of thing on roles, but you will need to use the SESSION_ROLES table.

One last thing... you may find yourself doing unions to get all the rows a user is supposed to see. You might want to do something like

select address_stuff from addresses
where address_id in
(select address_id from addresses where <condition 1> union
select address_id from addresses where
<condition 2>
union....)

Then, if a row can be seen for any reason, or multiple reasons, it only shows up once in the resultant list. This is especially important if you are doing more joins to get the end view.

Dan Hekimian-Williams Received on Thu Jul 09 1998 - 06:59:11 CEST